UNPKG

@banksapitechnology/regprotect-web-component

Version:

BANKSapi Web Component for REG/Protect. This package is part of the BANKSapi WEB/Connect Banking Widgets to integrate banking features directly into your app.

117 lines (100 loc) 4.91 kB
# regprotect-web-component This library is maintained by [BANKSapi Technology GmbH](https://banksapi.de/). For an overview of the features and benefits, visit our [Banking Widgets page](https://banksapi.de/en/banking-widgets-en/). You can find more helpful technical documentation for this and other products in our [developer portal](https://docs.banksapi.de/). For support or assistance with integration, feel free to [contact us](https://banksapi.de/contact/). ## Usage We recommend including this library via a public CDN to automatically benefit from future improvements without requiring any action on your part. ```html <script src="https://cdn.jsdelivr.net/npm/@banksapitechnology/regprotect-web-component/dist/ba-regprotect.js"></script> ``` ## ba-regprotect First, in the HTML, we need to define a container element where our web component will be mounted. This container can be any element, including the document body. ```html <div id="ba-reprotect-container"></div> ``` Some JavaScript is required to create the web component and handle its events. The first step is to [generate a BANKS/Connect token](https://docs.banksapi.de/api-documentation/ui/banks-connect-api-reference.html#tag/auth/POST/auth/oauth2/token). **Important:** This step should be performed on the backend to avoid exposing your BANKS/Connect API credentials in the frontend. Once you have the token, use it to [invalidate all previous REG/Protect sessions](https://docs.banksapi.de/api-documentation/ui/banks-connect-api-reference.html#tag/customer-regprotect/DELETE/customer/v2/regprotect/sessions) for the corresponding user. ```js async function invalidateSessions() { try { const response = await fetch(`https://banksapi.io/customer/regshield/sessions`, { method: 'DELETE', headers: { 'Authorization': `Bearer ${token}`, 'Content-Type': 'application/json' }, }); if (!response.ok) { throw new Error(`${response.status} ${response.statusText}`); } const data = await response.json(); console.log('invalidate sessions done:', data); } catch (error) { console.error('invalidate sessions endpoint error:', error); } } ``` This will give us a fresh start, so we can now implement a use case like adding a bank access ```js async function addBankAccess() { try { // you decide what ID (usually UUIDv4) you bank access will have const accessId = generateUUID(); const payload = { [accessId]: {} } const response = await fetch(`${API_DOMAIN}/customer/v2/bankzugaenge`, { method: 'POST', headers: { 'Authorization': `Bearer ${token}`, 'Customer-Ip-Address': customerIp, 'Content-Type': 'application/json' }, body: JSON.stringify(payload), }); const location = response.headers.get('Location'); // the callback url, will only be used in the "subscribed" event, but must adhere to the whitelist that you communicated to BANKSapi const callbackUrl = `${window.location.href}?event=accessCreated&accountId=${accessId}`; if (!location || callbackUrl.length === 0) { alert('the bank access request was not successful, please check your network log'); } else { const wcConfirm = confirm('Switching to REG/Protect. OK?'); if (wcConfirm) { const sessionLink = `${location}&callbackUrl=${callbackUrl}`; console.log('[sessionLink]', sessionLink); console.log('creating web component'); this.createWCElement(sessionLink); } } } catch (error) { console.error('adding the bank access resulted in an error:', error); } } function createWCElement(sessionLink) { const demoButton = document.getElementById('start-demo'); wcContainer = document.getElementById('ba-reprotect-container'); //.attachShadow({mode: 'closed'}); wcElement = document.createElement('ba-regprotect'); wcElement.sessionLink = sessionLink; wcContainer?.classList.add('regprotect-active') wcContainer?.appendChild(wcElement); wcElement.addEventListener('subscribed', handleWebComponentListener); } function handleWebComponentListener(event) { const demoButton = document.getElementById('start-demo'); console.log('[REG/Protect WC event]', event); console.log('[REG/Protect WC event]', event.detail); // event.detail will look something like this -> // http://localhost:8081/?event=accountCreated&accountId=06f589bd-8d35-494a-8056-2e5d927a3aa3&baReentry=ACCOUNT_CREATED const callbackUrl = event.detail; // evaluate query param, handle event and/or baReentry // add use cases for add bank access, payments, etc., remove web component from DOM beforehand wcContainer?.removeChild(wcElement); wcContainer?.classList.remove('regprotect-active'); console.log('web component event listener removed.'); wcElement.removeEventListener('subscribed'); wcElement = undefined; } ```